#9827 Add settings to sssd conf to speed up id lookups
Closed: Fixed 4 months ago by mobrien. Opened 7 months ago by mobrien.

Describe what you would like us to do:

As per https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/tuning_performance_in_identity_management/assembly_tuning-sssd-in-idm-servers-and-clients-for-large-idm-ad-trust-deployments_tuning-performance-in-idm#tuning_options_for_idm_clients

The setting ldap_deref_threshold in /etc/sssd/sssd.conf file should be set to 0 on all clients. On basic testing an initial id mobrien call after clearing the cache went from ~30s to ~10s and following id calls for other users were almost instant.


When do you need this to be done by? (YYYY/MM/DD)

Can this be added as a drop in on /etc/sssd/conf.d/<foo.conf> or does this need changes in /etc/sssd/sssd.conf ?

when I found that setting and that it was speeding up things at the centos side, I asked mark to test it too
using ansible lineinfile to have it in the [domain\fedoraproject.org] section is probably the best way (so main /etc/sssd/sssd.conf, as stated in the official doc)

Metadata Update from @mohanboddu:
- Issue priority set to: Waiting on Assignee (was: Needs Review)
- Issue tagged with: medium-gain, medium-trouble, ops

7 months ago

Metadata Update from @mohanboddu:
- Issue tagged with: authentication

7 months ago

@smooge made patch to fix the issue, this fix will supersede that patch and any conflict due to that should be resolved.

These changes still need to be made in prod. I will put it through

@mobrien I think this is done now and we can close this. Can you confirm?

This was done on ipsilon and people servers, other servers appear to be working ok so closing this out

Metadata Update from @mobrien:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

4 months ago

Login to comment on this ticket.

Boards 1
ops Status: Done